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REMARKS 

No claims have been cancelled or added. Hence, Claims 1 - 40 are pending in the 
Application. 

SUMMARY OF REJECTIONS/OBJECTIONS 

Claims 1 - 5 and 21 - 25 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
U.S. Patent Application Publication No. US 2002/0143735 (herein "Ayi") in view of U.S. Patent 
No. 5,787,428 (herein "Hart"). 

Claims 6-20 and 26 - 40 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
U.S. Patent No. 5,859,966 (herein "Hayman"). 

Claims 1 - 5 and 21 - 25 

The attached declaration proves that an implementation of claims 1-5 and 21-25 was 
developed and successfully tested before the effective filing date of Ayi, March 30, 2001. 
Therefore, claims 1-5 and 21-25 were reduced to practice by the inventors before the 
effective filing date of Ayi. Ayi cannot be used as a valid basis for rejecting claims 1 - 24 under 
103(a). Reconsideration and allowance of claims 1-5 and 21 - 25 is respectfully requested. 

Claims 6 and 26 

Claims 6 and 26 recite: 

registering, with a database management system, one or more packages of routines, 

wherein each package of said one or more packages implements a security model 
that supports a model set of one or more policies of the database policy set and 
said each package includes an access mediation routine; 

associating a first policy of a first model set in a first package with a first table within the 
database system; and 
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invoking the access mediation routine in the first package for determining whether to 

allow operation on data in the first table based on the first policy. 
Claims 6 and 21 require "registering, with a database management system a "package 
[that] includes an access mediation routine," and "invoking the access mediation routine [to 
determine] . . . whether to allow operation on data in the first table." Such a feature is not 
disclosed much less suggested by the cited art. 

In rejecting claims 6 and 21, the Office Action cites the following passages from Hayman 
as disclosing these features. (Office Action, section 5). 
Text Attributes 

When the hierarchical and categorical components of MAC labels are stored, 
they are generally stored as binary values called binary security attributes. 

According to an aspect of the invention, text attributes (52) are stored alongside 
their corresponding binary security attributes (51). Then, if it is desired to change 
the binary security attributes associated with a text attribute (e.g., if the 
hierarchical component of a label is to be changed from "secret" to "top secret") 
the system searches for the text attributes and when it finds it, the binary security 
attribute stored alongside the found text attribute is changed. 
This creates the advantage of not having to search for the binary attribute, which 
avoids finding equivalent binary values that are not associated with the text 
attribute and should not change simply because the binary value associated with 
the text attribute has changed. If such binary values were changed, important data 
elsewhere on the system could be lost or compromised. 
Capability Access Control 

The security system of the invention provides an additional level of control in 
which the owner of an object is allowed to place a desired amount of protection 
on the object, to protect the object from unauthorized access. 
Specifically, the owner of an object assigns a set of capabilities (a required 
capability set) to an object. In order for a process to access the object (e.g., to 
obtain read/write access to a data file), the process must contain, in its effective 
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capability set, all of the capabilities which the object owner has assigned to the 
object required capability set. (Col. 8, lines 15 - 45). 

Also, security labels are placed on each data file or other system resource, 
and on each user process. A hierarchy of labels is created ranging from highly 
secret to commonly accessible and strict policies are enforced by the security 
system based on these labels to determine who has what type of access to which 
data files or other system resource. According to the invention, a range of these 
labels is assigned to a particular user process to define a clearance range in which 
the process is allowed to operate. Further, the hierarchy of labels is divided into a 
small number (for example 3) of regions, and a user process operating on one 
region is generally not allowed to access another region except in a very carefully 
proscribed manner. (Col. 1, line 63 - Col. 2, line 8). 

The above passages from Hayman describe security labels, including labels in the form of 
a capability set that are assigned to or placed on an object by the owner of the object. 
Presumably, the Office Action has equated these labels in Hayman to the claimed access 
mediation routine that is registered as part of a package with a database management system. 
Hayman teaches its labels are either "binary values" (i.e., binary security attributes (51) or text 
attributes (52). (See also FIG. 5). Hayman, however, does not in any way teach that labels are 
routines, much less access mediation routines that are invoked to determine whether to allow 
operation on data, as claimed. 

Based on the foregoing, claims 6 and 26 are not obvious over Hayman and are therefore 
patentable. Reconsideration and allowance of claims 6 and 26 are respectfully requested. 

Dependent Claims 

The pending claims not discussed so far are dependent claims that depend on an 
independent claim that is discussed above. Because each of the dependent claims includes the 
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limitations of claims upon which they depend, the dependent claims are patentable for at least 
those reasons the claims upon which the dependent claims depend are patentable. Removal of the 
rejections with respect to the dependent claims and allowance of the dependent claims is 
respectfully requested. In addition, the dependent claims introduce additional limitations that 
independently render them patentable. Due to the fundamental difference already identified, a 
separate discussion of those limitations is not included at this time. 

For the reasons set forth above, Applicant respectfully submits that all pending claims are 
patentable over the art of record, including the art cited but not applied. Accordingly, allowance 
of all claims is hereby respectfully solicited. 
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The Examiner is respectfully requested to contact the undersigned by telephone if it is 
believed that such contact would further the examination of the present application. 



Respectfully submitted, 

HICKMAN PALERMO TRUONG & BECKER LLP 



Dated: October 18, 2004 




K. Bingham 
Reg. No. 42,327 



1600 Willow Street 

San Jose, CA 95125 

Telephone No.: (408) 414-1080 ext.206 

Facsimile No.: (408)414-1076 



CERTIFICATE OF MAILING 



I hereby certify that this correspondence is being deposited with the United States Postal Service as first class mail in 
an envelope addressed to: Mail Stop Amendment, Commissioner for Patents, P. O. Box 1450, Alexandria, VA 223 13- 
1450. 
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